diff --git a/private/perfetto.te b/private/perfetto.te
index c068dc517c89292354ca73902651512282eefca3..4d8720a2d084d1c3cfe4a9a4a65eac2927810ba2 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -20,12 +20,11 @@ binder_use(perfetto)
 binder_call(perfetto, system_server)
 allow perfetto dropbox_service:service_manager find;
 
-# Allow statsd and shell to pipe the trace config to perfetto on stdin and to
-# print out on stdout/stderr.
-allow perfetto statsd:fd use;
-allow perfetto statsd:fifo_file { getattr read write };
-allow perfetto shell:fd use;
-allow perfetto shell:fifo_file { getattr read write };
+# Allow perfetto to read the trace config from statsd and shell
+# (both root and non-root) on stdin and also to write the resulting trace to
+# stdout.
+allow perfetto { statsd shell su }:fd use;
+allow perfetto { statsd shell su }:fifo_file { getattr read write };
 
 # Allow to communicate use, read and write over the adb connection.
 allow perfetto adbd:fd use;